itman

I'll answer two of these questions. Most definitely. Have yet to find something that can get around it. First, Eset HIPS is not a "full feature" HIPS along the lines of Comodo's Defense+ or OutPost's now default HIPS. The Eset HIPS lacks features such as a Trusted Publishers feature and the like that auto allow trusted System processes and the like. "The rub" is when you start monitoring a process for modification, you also must also manually create allow rules for trusted processes that do likewise. This means you must have the technical knowledge to know what those trusted processes are and if its normal activity for them to perform such modification. And in reality, it doesn't end here. Those trusted processes could be possibly be injected by malware, so those should also be monitored ........ ad infinitum. Most browsers are sandboxed; e.g. Edge's AppContainer, or run at low Integrity level which prevents malware from infecting the rest of the system. There are also products designed for this like Sandboxie although it appears, its days are numbered.

Read this above posting: https://forum.eset.com/topic/22995-latest-update-bsod/?do=findComment&comment=111480 The last update to 2004 borked things. Also as I posted previously but apparently you did not read, Eset doesn't officially support Win 10 Preview builds.

If you're using a Win 10 Preview build, the solution is to uninstall it and use the the latest released version of Win 10 which is 1909.

Which message? The previously shown Win 10 notification message relating to Eset Proxy GUI?

As far as candidconcepts.com goes, the IP addresses associated with it are 88.208.222.179 and 88.208.222.180. As far as domain name blocking goes, have you tried *.candidconcepts.com/* and *.candidconcepts.net/*? I assume Eset mail server supports that wildcard notation. Block that IP address then. Doing so might end up blocking a lot of legit e-mail though. It appears a lot of Internet traffic routes through those relay backbone servers.

@Aryeh Goretsky can you check this out and verify the origin of this Win 7 upgrade alert.

No. Per the below screen shot, is Anti-Theft enabled? Also, I don't know how it could have been enabled without you knowing about it. It requires you to either sign-on with your existing my.eset.com account or create a new account.

True. But Linux ones will run just fine. However, the "Window Subsystem for Linux" would need to be installed via Control Panel -> Turn Window features on or off. -EDIT- Can also be done from PowerShell: Open PowerShell as Administrator and run: PowerShell Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

If you father can access the Eset GUI interface by either the Eset icon on the desktop toolbar or via Win 10 Start menu, refer to the below screen shot on how to retrived his Eset public license ID. He can relay that to you via phone or e-mail. You can then post same in this forum thread:

CHINANET Anhui PROVINCE NETWORK China Telecom No.31,jingrong street Beijing 100032 It's a backbone server, CHINANET-BACKBONE No.31,Jin-rong Street. As such, it wouldn't be the origin of the e-mail but just an intermediary delivering it.

If Eset is properly installed, the answer is no. The Eset installer basically disables Windows Defender and the Win 10 firewall (Internet and Smart Security installations) and modifies Windows Security Center to reflect this status.

Comment from the above posted link article site: Time you ensure your router's firmware is updated to the lastest version if its a D-Link or Linksys router.

Appears something is borked in the Eset installation in regards to your first screen shot showing a Win 10 notification in regards to the Eset GUI. It might be best just to run Eset's Uninstaller tool in Safe mode as described here: https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool . Reboot after the Eset uninstall. Then reinstall Eset again. One of the first things the installler does is show a screen similar to your second screen shot. The "Use a purchased License key" option should be selected and the Eset license key entered there. Prior to performing the above, your father's PC should be checked for any existing other third party AV software; e.g. Avast, Symantec, etc., being installed and that software uninstalled. If issues arise with that, Eset has an AV remover tool that can be downloaded and run to assist in the removal: https://www.eset.com/int/support/av-remover/

This has been fixed in the latest WD engine update to be pushed via Win Updates: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-defender-scan-bug-with-new-update/

My suggestion again is to go to the malware removal sites I posted previously for assistance. Or, contact your in-country Eset support representative for assistance as long as you are using a paid licensed version of Eset. -EDIT- As far as malwaretips.com and also possibly bleepingcomputer.com, note the following restriction: https://malwaretips.com/threads/piracy.38446/